router hardening project.slide
DESCRIPTION
This shared slides is containing some of the basic information about Router Hardening project which my team and I did in our network security class project and we used it to present our project's process and procedures. Our project scenario was to harden the network and routers for hypothetical organization so we decided to do it for a bank and we called it ANS bank referring to first letters of the team members.TRANSCRIPT
04/14/2023 Designed by Alya Alsaadi 1
Hardening Router Project
Alya Mabrouk Al Saadi 20090000Noora M. Al Shehi 20090000Shaikha M. Al Mulla 20090000
Instructor: Huwida SaidCIT335-501 Spring 2013
04/14/2023 Designed by Alya Alsaadi 2
Outline
1
2
3
4
5
6
Conclusion
References
Project’s Objective
Experimental procedures
Network Topology
Hardening procedures
04/14/2023 Designed by Alya Alsaadi 3
Project’s Objective---
• Securing routers • Combining security and networking
concepts• Team work• Troubleshooting • Time management
2
04/14/2023 Designed by Alya Alsaadi 4
Experimental procedures ---
Hardware:Laptops
Quantity : 4
SwitchesQuantity: 3
Routers Quantity: 3
Cablesstraight cables Quantity: 7Cross-over cablesQuantity: 2serial cablesQuantity: 2 console cables Quantity: 3
2
04/14/2023 Designed by Alya Alsaadi 5
Software:Packet tracerHyper Terminal
Experimental procedures --- 2
04/14/2023 Designed by Alya Alsaadi 6
Network Topology ---
5 networks 4 PCsClass B & C IP address3 Layer 2 devices “switches”3 Layer 3 devices “ Routers”
3
04/14/2023 Designed by Alya Alsaadi 7
Hardening procedures ---
• Basic configuration• Task 1 Basic Access Control: console password, VTY and AUX
password,• Task 2 Warning Banner: message of the day “MOTD” banner. • Task 3 disable Unnecessary Protocols and Services:
• 3.1 - Disable Echo, Chargen and discard• 3.2- Disable finger• 3.3 - Disable the httpd interface• 3.4 - Disable ntp (if you are not using it)
• Task 4 shutdown unused port in LAN and WAN network:
4
04/14/2023 Designed by Alya Alsaadi 8
Enhanced Network Topology ---
7 networks 5 PCsClass B & C IP address3 Layer 2 devices “switches”3 Layer 3 devices “ Routers”2 Servers
3
04/14/2023 Designed by Alya Alsaadi 9
Hardening procedures --- • Task 1 Access control list ACL:
HQ(config)#access-list 102 deny icmp any any echo HQ(config)#access-list 102 permit ip any any HQ(config)#int s0/0/1Figure 13: Ping from PC4 to the webserverHQ(config-if)#ip access-group 102 in HQ(config-if)#int s0/0/0HQ(config-if)#ip access-group 102 in
• Result: Ping from PC4 to web server
4
04/14/2023 Designed by Alya Alsaadi 10
Hardening procedures --- • Task 2 Radius server: Authentication, Authorization, and
Accounting for internal network.
4
1. Opening port in LAN network for radius serverSwitch(config)#int fa0/4Switch(config-if)#no shutdown 2. Configuring authentication on branch router were radius server installed:Branch(config)#username Admin password abcdefBranch(config)#username shaikha password zayedBranch(config)#username noora password zayed2009Branch(config)#radius-server host 172.30.1.12Branch(config)#radius-server key radiusBranch(config)#aaa new-modelBranch(config)#aaa authentication login default group radius localBranch(config)#line con 0 Branch(config-line)#login authentication default
04/14/2023 Designed by Alya Alsaadi 11
Hardening procedures --- • Task 2 Radius server: Authentication, Authorization, and
Accounting for internal network.• Result:
4
04/14/2023 Designed by Alya Alsaadi 12
Hardening procedures --- • Task 3 Physical security: Door locks, Cabinet locks
4
04/14/2023 Designed by Alya Alsaadi 13
Conclusion --- 5
04/14/2023 Designed by Alya Alsaadi 14
References ---
Barreiro, A. (2011, October 26). A log review process for detecting security incidents. ITSecurity. Retrieved March 5, 2013, from www.techrepublic.com/blog/security/a-log-review-process-for-detecting-security- ncidents/6601Cisco , Inc. (2009). Cisco Router Guide.cisco. Retrieved March 7, 2013, fromwww.cisco.com/en/US/prod/collateral/routers/ps5855/prod_brochure0900aecd8019dc1f.pdfCisco, ink. (2013). Official Linksys Support Site. Official Linksys Support Site. Retrieved March 7, 2013, from
http://homesupport.cisco.com/en-us/support Cisco, s. (2013). Cisco 1760 Modular Access Router. cisco. Retrieved March 6, 2013, from www.cisco.com/warp/public/cc/pd/rt/1700/prodCola, J. (n.d). Information and setwork security: The importance of network security and the types of security attacks. Retrieved from http://www.jackcola.org/learn/information-and-network-security/151-the-importance-of-network-security-and-the-types-of-security-attacksCox, C. (n.d.). Hardening your router in 9 easy steps. SearchNetworking. Retrieved March 5, 2013, from http://searchnetworking.techtRouter - History, Functionality and Manufacturers. (2004). ecommerce.insightin. Retrieved March 5, 2013, from http://ecommerce.insightin.com/network/router.htmlSheldon, T. (2011). Route Aggregation.linktionary. Retrieved March 7, 2013, fromwww.linktionary.com/r/route_aggregation.htTypes of router. (2013). orbit-computer-solutions. Retrieved March 4, 2013, from http://www.orbit-computer-solutions.com/Types-of-Router.php arget.com/tip/Hardening-your-router-in-9-easy-steps
6
04/14/2023 Designed by Alya Alsaadi 15
THANK YOU FOR LISTENING DO YOU HAVE ANY QUESTIONS?